gksudo should notify users that the password is being remembered and used

Bug #18905 reported by Stephen Shirley on 2005-07-12
32
This bug affects 1 person
Affects Status Importance Assigned to Milestone
gksu (Ubuntu)
Wishlist
Unassigned

Bug Description

From the UsingSudo udu wiki page:
- A indicator should show up in the notification area during the 5min timeout
while i can use the gained admin rights without re-entering the password, giving
an option to cancel "god mode" imediately.
- The dialog should always show up, even if "god mode" is still active, to
indicate that I do something requiring administrative rights. During the 5min
time period where no password input is required the password in the dialog
should be prefilled.

Stephen Shirley (kormat) wrote :

Changing severity to enhancement, and qa contact to <email address hidden> as instructed.
I intend to work on this.

Michael Vogt (mvo) wrote :

Thanks for your bugreport.

A notification window is displayed in the dapper version of ubuntu if anything
was run as root with a cached password. Do you think that is sufficient? It
allows currently not to "block" a attempt to run something as root, it just informs.

I think a indicator in the notification area is not easy to do from a technical
POV (requires something that monitors the sudo cache in the background etc).

Cheers,
 Michael

Michael Vogt (mvo) wrote :

We have removed the window that came up when a cached sudo password was used again for dapper. The problem was that it was displayed after the program was launched and that wasn't that useful. Having it before the app is launched would be better (but technically much harder :)

Cheers,
 Michael

Changed in gksu:
status: Needs Info → Unconfirmed
assignee: mvo → nobody
Phil Housley (undeconstructed) wrote :

This seems like a very important issue to me. Currently, any app can be secretly running as root, if it somehow gets itself executed by gksu after I've already entered a password.

I know nothing about the internals of gksu, so this might be unreasonable, but I would think the best option would simply be to always display some sort gksu prompt. If it's possible to display that a sudo session is availiable, surely it's possible to detect this, and then provide an "Allow/Deny" dialog, instead of the usual password prompt?

The logic of this isn't perfect, as gksu doesn't currently talk about allowing programs root access, but that's a minor thing compared to having a way to block random apps from being run with root privilege.

Adam Petaccia (mighmos) wrote :

I agree that gksu should notify when apps are running with root privs.

I seem to remember Red Hat (a LONG time ago) providing an indicator applet that stuck around for 5 minutes telling you that the password was remembered; you could also click it and tell it to forget it.

Changed in gksu:
status: Unconfirmed → Confirmed
unggnu (unggnu) wrote :

I agree that the situation is a high security risk. Every malware which uses the monthly security hole in Firefox, Flash or similar gains user rights. After that it can wait until gksu is run for installing updates, packages or changing configuration. As soon as gksu is running it can gain root rights and do whatever it wants. It isn't that easy because gksu runs only menu/panel apps without asking but there would be an workaround if someone is really interested.
I guess the best solution would be to use Policykit for all Admin gui applications. So the authentication could be cached only for this app or saved for every start which is fine too since it prevents users from disabling the security feature and it should still be relatively secure too.

Notification would maybe inform the user but not prevent the root access. Of course it would be better than the current situation.

The issue is still there in Jaunty.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.